Bug Description

TLS-SNI-01 had a CA security issue in shared hosts, as such the letsencrypt CA blocked the auth method. The update is in 0.21.0, until it's pushed out renewing will be more difficult as you'll need to configure webroot renewals.

This affects all current and future versions. I'm in 14.04.5 LTS
I'm on certbot 0.19.0, 20.0-3 is available in The Bionic Beaver